Trusted user interface for a secure mobile wireless device

Abstract

A mobile wireless device programmed with software which provides a trusted user interface for the device by allowing the content of a secure screen memory to be modifiable only by authorised applications. Normally, the entire screen memory address is public information, making the entire screen memory fully available to any application; hence, even sensitive dialogs would use screen memory which can in theory be looked at by malicious software, enabling that malicious code to grab PIN data etc. or corrupt a trusted user interface. But with the present invention, unauthorised applications are prevented from accessing the data displayed by the secure frame buffer because they are able to access only the non-secure screen memory. Hence, malicious applications cannot retrieve data from a trusted dialog or compromise that data. Further, as the present invention is a software only solution, it requires no new hardware per se—the only requirement is that components (e.g. a software window server; a video chip etc.) can select content from different parts of screen memory—i.e. secure and non-secure frame buffers.

Description

FIELD OF THE INVENTION [0001] This invention relates to a trusted user interface for a secure mobile wireless device. The user interface forms an element of a platform security architecture. DESCRIPTION OF THE PRIOR ART [0002] Platform security covers the philosophy, architecture and implementation of platform defence mechanisms against malicious or badly written code. These defence mechanisms prevent such code from causing harm Malicious code generally has two components: a payload mechanism that does the damage and a propagation mechanism to help it spread. They are usually classified as follows: [0003] Trojan horse: poses as a legitimate application that appears benign and attractive to the user. [0004] Worm: can replicate and spread without further manual action by their perpetrators or users. [0005] Virus: Infiltrates legitimate programs and alters or destroys data. [0006] Security threats encompass (a) a potential breach of confidentiality, integrity or availability of service...

AI Technical Summary

Benefits of technology

[0021] Secure and non-secure frame buffers are usually physically distinct parts of the same RAM based screen memory and hence no costly hardware duplication is required for implementation (e.g. no separate secure hardware crypto-processor, memory or display processor, as required in some prior art solutions).

Problems solved by technology

Security threats encompass (a) a potential breach of confidentiality, integrity or availability of services or data in the value chain and integrity of services and (b) compromise of service function.

Threats to confidentiality and integrity of data.

Threats to confidentiality and integrity of services.

Threats to availability of service (also called denial of service).

Games are an important application category for mobile wireless devices, but expose the device to high levels of security risk Usually, games require direct access to the screen memory or to a graphic accelerator in order to perform fast bitmap operations.

Hence, conventional screen memories (also known as frame buffers) present an Achilles heel to platform security since applications such as malicious or badly written games can grab or alter sensitive information (e.g. passwords etc.) displayed on screen.

This hardware solution would however be prohibitively expensive to implement in a mobile wireless device (typically a ‘smartphone’, enhanced mobile telephone, PDA or other personal, portable computing device) because of space and cost constraints.

Hence, mobile wireless devices offer very considerable challenges to the designer of a platform security architecture.

To date, there have been no effective proposals for trusted user interfaces for secure mobile wireless devices.